Patients sue hospital for health data breach damages

Because their medical records were compromised as far back as the fall of 2010, 12 North Shore University Hospital (NY) patients have taken the hospital and parent company, North Shore-Long Island Jewish Health System, to court.

The patient data stolen from the hospital included, according to newyork.cbslocal.com, medical record face sheets with full names, addresses, Social Security numbers, dates of birth, medical histories as well as other information. Unlike many of these types of cases, some the plaintiffs have already had their identities stolen and will be looking for compensatory and punitive damages beyond future identity and credit monitoring. The suit argues that the hospital was negligent, misrepresentative, breached its fiduciary duty, breached its contract and violated HIPAA.

One patient said that she’s already had to deal with a fake tax return using her Social Security and others had thousands of dollars stolen. The hospital believes the issue has been resolved.

“The hospital has taken aggressive steps to strengthen the security protocols we have in place to protect patient information,” North Shore-LIJ Health System spokesman Terry Lynam said in a statement. “In the past 11 months, no further identify thefts have been reported to the hospital, indicating that the safeguards the hospital now has in place are working.”

Boca Raton PHI theft

In other fraudulent federal tax refund news, bizjournals.com reports that former Boca Raton Regional Hospital scheduler Shalamar Major sold patient data in return for future payments. Major had access to the protected health information (PHI) and sold it off to Tanisha Wright, according to a federal indictment. In all, Wright filed 57 fraudulent tax returns looking for $306,720 in refunds and split the money with Major. And PHIPrivacy.net posted their Jan. 24 indictment, after which they were arrested on Jan. 31.